build(deps): bump yaml

[dependabot]

Bumps and yaml. These dependencies needed to be updated together.
Updates yaml from 2.3.1 to 2.8.3

Release notes

Sourced from yaml's releases.

v2.8.3

• Add trailingComma ToString option for multiline flow formatting (#670)
• Catch stack overflow during node composition (1e84ebb)

v2.8.2

• Serialize -0 as -0 (#638)
• Do not double newlines for empty map values (#642)

v2.8.1

• Preserve empty block literals (#634)

v2.8.0

• Add node cache for faster alias resolution (#612)
• Re-introduce compatibility with Node.js 14.6 (#614)
• Add --merge option to CLI tool (#611)
• Improve error for tag resolution error on null value (#616)
• Allow empty string as plain scalar representation, for failsafe schema (#616)
• docs: include cli example (#617)

v2.7.1

• Do not allow seq with single-line collection value on same line with map key (#603)
• Improve warning & avoid TypeError on bad YAML 1.1 nodes (#610)

v2.7.0

The library is now available on JSR as @​eemeli/yaml and on deno.land/x as yaml. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.

• Use .ts extension in all relative imports (#591)
• Ignore newline after block seq indicator as space before value (#590)
• Require Node.js 14.18 or later (was 14.6) (#598)

v2.6.1

• Do not strip :00 seconds from !!timestamp values (#578, with thanks to @​qraynaud)
• Tighten regexp for JSON !!bool (#587, with thanks to @​vra5107)
• Default to literal block scalar if folded would overflow (#585)

v2.6.0

• Use a proper tag for !!merge << keys (#580)
• Add stringKeys parse option (#581)
• Stringify a Document as a Document (#576)
• Add sponsorship by Manifest

v2.5.1

• Include range in flow sequence pair maps (#573)

v2.5.0

• Add --indent option to CLI tool (#559, with thanks to @​danielbayley)
• Require newline in all cases for props on block sequence (#557)
• Always reset indentation in lexer on ... (#558)
• Ignore minContentWidth if greater than lineWidth (#562)
• Drop unused Collection.maxFlowStringSingleLineLength (#522, #421)

... (truncated)

Commits

• ce14587 2.8.3
• 1e84ebb fix: Catch stack overflow during node composition
• 6b24090 ci: Include Prettier check in lint action
• 9424dee chore: Refresh lockfile
• d1aca82 Add trailingComma ToString option for multiline flow formatting (#670)
• 4321509 ci: Drop the branch filter from GitHub PR actions
• 47207d0 chore: Update docs-slate
• 5212fae chore: Update docs-slate
• 086fa6b 2.8.2
• 95f01e9 chore: Add funding to package.json
• Additional commits viewable in compare view

Updates yaml from 1.10.2 to 1.10.3

Release notes

Sourced from yaml's releases.

v2.8.3

• Add trailingComma ToString option for multiline flow formatting (#670)
• Catch stack overflow during node composition (1e84ebb)

v2.8.2

• Serialize -0 as -0 (#638)
• Do not double newlines for empty map values (#642)

v2.8.1

• Preserve empty block literals (#634)

v2.8.0

• Add node cache for faster alias resolution (#612)
• Re-introduce compatibility with Node.js 14.6 (#614)
• Add --merge option to CLI tool (#611)
• Improve error for tag resolution error on null value (#616)
• Allow empty string as plain scalar representation, for failsafe schema (#616)
• docs: include cli example (#617)

v2.7.1

• Do not allow seq with single-line collection value on same line with map key (#603)
• Improve warning & avoid TypeError on bad YAML 1.1 nodes (#610)

v2.7.0

The library is now available on JSR as @​eemeli/yaml and on deno.land/x as yaml. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.

• Use .ts extension in all relative imports (#591)
• Ignore newline after block seq indicator as space before value (#590)
• Require Node.js 14.18 or later (was 14.6) (#598)

v2.6.1

• Do not strip :00 seconds from !!timestamp values (#578, with thanks to @​qraynaud)
• Tighten regexp for JSON !!bool (#587, with thanks to @​vra5107)
• Default to literal block scalar if folded would overflow (#585)

v2.6.0

• Use a proper tag for !!merge << keys (#580)
• Add stringKeys parse option (#581)
• Stringify a Document as a Document (#576)
• Add sponsorship by Manifest

v2.5.1

• Include range in flow sequence pair maps (#573)

v2.5.0

• Add --indent option to CLI tool (#559, with thanks to @​danielbayley)
• Require newline in all cases for props on block sequence (#557)
• Always reset indentation in lexer on ... (#558)
• Ignore minContentWidth if greater than lineWidth (#562)
• Drop unused Collection.maxFlowStringSingleLineLength (#522, #421)

... (truncated)

Commits

• ce14587 2.8.3
• 1e84ebb fix: Catch stack overflow during node composition
• 6b24090 ci: Include Prettier check in lint action
• 9424dee chore: Refresh lockfile
• d1aca82 Add trailingComma ToString option for multiline flow formatting (#670)
• 4321509 ci: Drop the branch filter from GitHub PR actions
• 47207d0 chore: Update docs-slate
• 5212fae chore: Update docs-slate
• 086fa6b 2.8.2
• 95f01e9 chore: Add funding to package.json
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity . 0 duplication

Metric	Results
Complexity	0
Duplication	0

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

_{TIP This summary will be updated as you push new changes. Give us feedback}

[codacy-production]

Pull Request Overview

This PR updates the 'yaml' dependency to versions 2.8.3 and 1.10.3. While the Codacy analysis is up to standards, the PR only modifies 'package-lock.json', leaving 'package.json' out of sync for a minor version bump.

There is a gap in acceptance criteria verification: no smoke tests were executed to validate the specific serialization fixes and stack overflow protections introduced in the new versions. Furthermore, the PR description appears incomplete, suggesting other intended changes might be missing. Ensure the environment supports Node.js >= 14.6 as required by the library upgrade.

About this PR

• The PR only modifies 'package-lock.json'. Please update 'package.json' to reflect the new version ranges (2.8.3 and 1.10.3) to ensure consistency across the project.
• The PR description contains a typo or omission: 'Bumps and [yaml]...'. Please clarify if another package update was intended or correct the description.

Test suggestions

• Verify successful parsing of YAML documents using the new versions (1.10.3 and 2.8.3).
• Verify that serialization (ToString) correctly handles -0 and multiline flow formatting as per release notes.
• Verify the stack overflow protection during node composition introduced in v2.8.3.

Prompt proposal for missing tests

Consider implementing these tests if applicable:
1. Verify successful parsing of YAML documents using the new versions (1.10.3 and 2.8.3).
2. Verify that serialization (ToString) correctly handles -0 and multiline flow formatting as per release notes.
3. Verify the stack overflow protection during node composition introduced in v2.8.3.

Low confidence findings

• No smoke tests or regression tests were included to verify that the dependency change doesn't disrupt YAML parsing or formatting in the host project.

---

🗒️ Improve review quality by adding custom instructions